منتدى بريدة - خبر عاجل فيروس دمر 10500 جهاز سعودي!!!!!!!!!!!

....................

يقوم الفيروس باستخدام ملقمات البريد الوارد والصادر الخاصة به وذلك ليقوم بارسال نفسه لكل ايميل موجود في ملف الايميلات بنظام التشغيل وندوز او في المسنجر هوت ميل والياهو بيجر وكل الملفات التي تحمل في الاكستنشن الحرفين اتش وتي ويحمل الفيروس اكثر من ملقم بريد وارد وصادر يمكنه استخدامها
وذلك ببرمجة عبقرية تم بها صنع هذا الفيروسعنوان رسالة الفيروس عادة تكون
Are you the BEST
Free Win32 API source
Learn SQL 4 Free
I Love You..
Wanna be like a stone ?
Are you a Soccer Fan ?
Sexy Screensavers 4 U
Check it out
Sample Playboy
Hardcore Screensavers 4 U
XXX Screensavers 4 U
We want peace
Wanna be a HE-MAN
Visit us
One Virus Writer's Story
One Hacker's Love
World Tour
Whats up
Wanna be my sweetheart ??
Screensavers from Club Jenna
Jenna 4 U
Free rAVs Screensavers
Feel the fragrance of Love
Wanna Hack ??
Sample KOF 2002
The King of KOF
Wanna Brawl ??
Wanna Rumble ??
Play KOF 2002 4 Free
Demo KOF 2002
Free Demo Game
Wanna be friends ??
Need money ??
Are you beautiful
Who is your Valentine
Free Screenavers of Love
Free XXX
Free Screensavers
WWE Screensavers
Freak Out
Wanna be friends ?
Things to note
Lovers Corner
Patch for Elkern.gen
Patch for Klez.H
Free Screensavers 4 U
Project
Sample Screensavers
Are you in Love
I am in Love
I Love You
You are so sweet
The Hotmail Hack
U realy Want this
to ur lovers
to ur friends
Find a good friend
Learn How To Love
Are you looking for Love
Wowwwwwwwwwww check it
Check ur friends Circle
The world of Friendship
Shake it baby
How sweet this Screen saver
war Againest Loneliness
Need a friend?
Say 'I Like You' To ur friend
love speaks from the heart
Let's Dance and forget pains
Looking for Friendship
True Love
make ur friend happy
Who is ur Best Friend
hey check it yaar
Check this shit
Hello
Hiوتحتوي الرسالة عادة على هذه المواضيع
hey,
did u always dreamnt of hacking ur friends hotmail account..
finally i got a hotmail hack from the internet that really works..
ur my best friend thats why sending to u..
check it..just run it..enter victim's address and u will get the pass.
hi,
check the attached love screensaver
and feel the fragrance of true love..
Hi,
check the attached screensaver..
its really wonderfool..
i got it from freescreensavers.comHi,
check ur friends circle using the attached friendship screensaver..
check the attached screensaver
and if u like it send it to all those you consider
to be true friends... if it comes back to you then
you will know that you have a circle of friends..
Hi,
check the attached screensaver
and enjoy the world of friendship..
Hi,
are u in a rocking mood...
check the attached scrennsaver and start shaking..
Hi,
Check the attached screensaver..
Hi,
Are you lonely ??..
check the attached screensaver and
forget the pain of loneliness
Hi,
Looking for online pals..
check the attached friend finder software..
Hi,
sending you a screensaver..
check it and let me know how it is...
Hi,
Check the attached screensaver
and feel the fragrance of true love...
Hey,
I just got this wonderfull screensaver from freescreensaver.com..
Just check it out and let me know how it is..
I just came across it.. check out..
========================================
=============================
Are you one of those unfortunate human beings who are desperately
looking for friends.. but still not getting true friends with whom
you can share your everything..
anyway you wont feel down any more cause GC Chat Network has brought
up a global chat and online match making system using its own GC
Messenger. Attached is the fully functional free version of GC<BR>Instant Messenger and Match Making client..
Just install, register an account with us and find thousands of online
pals all over the world..
You can also search for friends by specific country,city,region etc.
Regards Admin,
GC Global Chat Network System..
Hi,
So you think you are in love..
is it true love ? you may think right now that you are in
true love but it is certainly possible that it is nothing
but a mere infatuation to you..
anyway to know yourself better than you have ever known check
the attached screensaver and feel the fragrance of true love..
Hey pal,
you know friendship is like a business...
to get something you need to give something..
though its not that harsh as business but to
get love and care from your friends you need to give
love,care and respect to your friends.. right {BR>
check the attached screensaver and you will learn how to
make your friends happy..
Hi,
Its quite obvious that in our life we have numerous friends
but.. BUT Best Friend can only be ONE.. right {BR>so can you decide who is your best friend {BR>i guess not.. cause mostly you will find that your best friend
wont care about u like somebody else..
anyway i found one way to find who is my best friend..
check it..
just check the attached screensaver.. answer some questions
in it and also ask your best friend to answer the questions..
..then you will know more about him..
Hey pal,
wanna have some fun in life... {BR>feel like life is too boring and monotonous..
check the attached screensaver and bring colours
to your black & white life..
Hi,
I just came across this funny screensaver..
sending it to u.. hope u like it..
check out and die laughing..
This E-Mail is never sent unsolicited. If you receive this
E-Mail then it is because you have subscribed to the official
newsletter at the KOF ONLINE website.
King Of Fighters is one of the greatest action game ever made.
Now after the mind boggling sucess of KOF 2001 SNK proudly
presents to you KOF 2002 with 4 new charecters.
Even though we need no publicity for our product but this
time we have decided to give away a fully functional trial
version of KOF 2002. So check out the attached trial version
of KOF 2002 and register at our official website to get a free
copy of KOF2002 original version
Best Regards,
Admin,KOF ONLINE..
<<<<<>>>>><<<<<>>>>><<<<<>>>>><<<<<>>>>><<<<<>>>>> <<<<<>>>>>
Hello,
I just came across your email ID while searching in the Yahoo profiles.
Actually I want a true friend 4 life with whom I can share my everything.
So if you are interested in being my friend 4 life then mail me.
If you wanna know about me, attached is my profile along with some of my
pics. You can check and if you like it then do mail me.
I will be waiting for your mail.
Best Wishes,
Your Friend..
Hello,
Looking for some Hardcore mind boggling action ?
Install the attached browser software and browse
across millions of paid hardcore sex sites for free.
Using the software you can safely and easily browse
across most of the hardcore XXX paid sites across the
internet for free. Using it you can also clean all
traces of your web browsing from your computer.
Note:The attached browser software is made exclusivley
for demo only. You can use the software for a limited
time of 35 days after which you have to register it
at our official website for its furthur use.
Regards,
Admin.
Klez.H is the most common world-wide spreading worm.It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC
Hello,
The attached product is send as a part of our official campaign
for the popularity of our product.
You have been chosen to try a free fully functional sample of our
product.If you are satified then you can send it to your friends.
All you have to do is to install the software and register an account
with us using the links provided in the software. Then send this software
to your friends using your account ID and for each person who registers
with us through your account, we will pay you $1.5.Once your account reaches
the limit of $50, your payment will be send to your registration address by
check or draft.
Please note that the registration process is completely free which means
by participating in this program you will only gain without loosing anything.
Best Regards,
Admin
والملفات المرفقة لهذا الفيروس عادة تكون بهذه المسميات والامتدادات
The_Best.scr
Codeproject.scr
SQL_4_Free.scr
I_Love_You.scr
Stone.scr
Sex.scrSoccer.scr
Real.scr
Plus6.scr
Plus2.scr
Playboy.scr
Hardcore4Free.scr
xxx4Free.scr
Screensavers.scr
Peace.scr
Body_Building.scr
Services.scr
VXer_The_LoveStory.scr
Hacker_The_LoveStory.scr
World_Tour.scr
up_life.scr
Sweetheart.scr
Sexy_Jenna.scr
Jenna_Jemson.scr
zDenka.scr
Ravs.scr
Free_Love_Screensavers.scr
Romeo_Juliet.scr
Hacker.scr
KOF_Fighting.exe
KOF_Sample.exe
KOF_Demo.exe
KOF_The_Game.exe
KOF2002.exe
King_of_Figthers.exe
KOF.exe
My_Sexy_Pic.scr
MyProfile.scr
Ways_To_Earn_Money.exe
Beautifull.scr
Valentines_Day.scr
zXXX_BROWSER.exe
Britney_Sample.scr
THEROCK.scr
FreakOut.exe
MyPic.scr
Notes.exe
Cupid.scr
FixElkern.com
FixKlez.com
Romantic.scr
Project.exe
Love.scr
friendship_funny.scr
Colour_of_life.scr
Life.scr
Best_friend.scr
Friend_happy.scr
True_love.scr
Gc_messenger_exe
Dance.scr
I_like_you.scr
Friend_finder_exe
Be_happy.scr
Sweet.scr
Shake.scr
World_of_friendship.scr
Friendship.scr
Funny.scr
Hotmail_hack_exe.scr
وعادة يكون اسم المرسل بهذه المسميات
Klein Anderson
Codeproject
SQL Library
me2K
Rocking Stone
Super Soccer
Sexy Screensavers
Real Inc.
Plus 6
Plus 2
Playboy Inc.
Hardcore Screensavers
XXX Screensavers
Nomadic Screensavers
Keanu Stevenson
Nicolas Schwarzeneggar
admin@hackersclub.com
admin@viruswriters.com
admin@hackers.com
Paul Owen
Benting
Veronica Anderson
Club Jenna
Jenna Jameson
Zdenka Podkapova
Raveena Pusanova
Screensavers of Love
Romeo & Juliet
Jaucques Antonio Barkinstein
Cathy Kindergarten
KOF Online
Omega Rugal
Terry Bogard
Iori Yagami
Kyo Kusanagi
Clark Steel
Ralph Jones
Jasmine Stevens
Ross Anderson
John Vandervochich
American Beauty
Valentine Screensavers
Lovers Screensavers
zporNstarS
britneyspears.org
The Rock
Noopman
Susan
Jonathan
Cupid
McAfee Inc.
Norton Antivirus
Trend Micro
Romantic Screensavers
Jericho
Love Inc.and
info@flashyat.com
kl@aminoprojects.com
admin@codeproject.com
free@sql.library.com
me@me2K.com
stone@esterplaza.com
marketing@suppersoccer.com
free@sexyscreensavers.com
sales@real.com
plus@real.com
sales@playboy.com
free@hardcorescreensavers.com
free@xxxscreensavers.com
kkn@k2k.comscreensavers@nomadic.com
nics@nomadic.com
paul@kqscore.com
btq@263.com
services@tcsonline.com
admin@clubjenna.com
jenna@jennajameson.com
zdenka@zpornstars.com
ravs@go2pussy.com
love@lovescreensavers.com
DNA_seraph@163.com
super@21cn.com
cathy@21cn.com
admin@kofonline.com
zhouyuye@citiz.net
lubing@7135.com
hamada@seikosangyo.com
luoairong@21cn.com
valentinescreensavers@t2k.com
screensavers@lovers.com
admin@zpornstars.com
newsletters@britneyspears.org
therock@wwe.com
ericpan@online.com.pk
samsun@online.sh.cn
yjworks@online.sh.cn
cupid@freescreensavers.com
av_patch@mcafee.com
av_patch@norton.com
av_patch@trendmicro.com
romanticscreensavers@love.com
caijob@online.sh.cn
loverscreensavers@love.com
اذا كان تاريخ جهازك هوه 25 مارس او 22 مايو راح تظهر لك رسالة تقول
Happy Birthday Dear
واذا كان يوم الجهاز هو الخميس راح يقوم الفيروس بعمل الاتي
اولا يقوم بعمل عشوائي لوضع الصفحة الرئيسية للمتصفح وذلك بالتحكم في الرجستري
HKEY_CURRENT_USER\Software\Microsoft\Int
ernet Explorer\Mainto one of these:
على احد هذه العناوينhttp:/ /www.unixhideout.com
http:/ /www.hirosh.tk
http:/ /www.neworder.box.sk
http:/ /www.blacksun.box.sk
http:/ /www.coderz.net
http:/ /www.hackers.com/html/neohaven.html
http:/ /www.ankitfadia.com
http:/ /www.hrvg.tk
http:/ /www.hackersclub.up.to
http:/ /geocities.com/snak33y3sاستعادة محتويات المستندات الخاصة بالمستخدم
HKEY_CURRENT_USER\Software\Microsoft\Win
dows\CurrentVersion\Explorer\Shell Foldersعمل ملف تكست على سطح المكتب وبحالة مخفية وارشيف ويحتوي الملف على الاتي
========================================
====================
r0xx pReSaNt$ W32.@YerH$.B (all r1ght$ re$erv3d.. ;) )
w3 aRe tHe gRe@t 1nD1aN$..
------------------------------------------------------
m@iN mIssIoN iS t0 sPreAd tHe nAmE @YerH$
s00 mUch t0 c0me..
iNclUdEd DDoS c0mp0neNtS c@usE oF sHiT p@kI l@meRseXp3ct th3 uNeXp3ctEd
dEdic@t3d t0 : mY b3$t fRi3nD
========================================
====================
>> qph@hackermail.com
or======================================
============
W32.@YerH$.B,Made in India,
wE aRe thE greAt iNdIaNs..
----------------------------
aBouT mE :
jUst a c0mputEr gEEk..
i tHinK i aM sTill a sCripT kiddiE..
eDucAtiOn : sCh00l sTudEnt..
aBouT @YerH$.B:
n0 dEstrucTivE paYload$ f0r inFecTeD c0mpUteRs.
teRminAtioN oF aV + FireWaLL f0r sUrvIvaL.
tImE dEfiNed tRigErRinG.. jUst f0r fUn.. n0 paYloaD.
c0ntAinS bUg iN rEpliCation c0de.. no tIme t0 fiX.
g0nNa fiX iT iN nExt rElEase..
n0 m0rE $hiT
========================================
===========
>> qph@hackermail.com
or
========================================
==========
W32.@YerH$.B,Made in India,
wE aRe thE greAt iNdIaNs..
----------------------------
spEciAl 10x to c0bra..
f0r inSpirAtIon + c0dIng hElp..
========================================
==========
>> qph@hackermail.com
or
========================================
==============
W32.@YerH$.B,Made in India
wE aRe thE greAt iNdIaNs..
----------------------------
wAnT peAce aNd pr0speRity in InDiA ?..
f**k tHe c0rruptEd p0litiCian$..no shit$ nEEdeD..
mErA bhAraT mAhaN ??.. n0t yeT..wE nEEd t0 mAkE iT..
talenT & hArd w0rK shOulD be rEspEctEd..
sElf stYleD a**H***$ mUsT bE eLimInatEd....
n0 m0re $hiT m0n0p0lY..
========================================
==============
>> qph@hackermail.com
or
========================================
=========
W32.@YerH$.B,Made in India.
wE aRe thE greAt iNdiAnS.
----------------------------
iNdiAn hAckeRs + vXerS teAm up...
aNd kicK lamEr a**
no m0re pAk shIT..
itZ oUr tiMe to shOw tHem, the p0wer of teaM w0rk.
f**k AIC,GFORCE,SILVERLORDS,WFD..f*****g k1dd1es..
no sHit bUsineSS iN heRe aNd
nO lamE stuFF..
========================================
=========
>> qph@hackermail.com

طريقة التخلص من الفيروس
اذا نزلت الفيروس وشغلته اول شي تعمله هوه تحديث النورتن انتي فايروس
اعادة تشغيل الجهاز
نسخ ملف
Copy Regedit.exe
الى
Reg.com
وذلك حسب الخطوات التالية وحسب نظام التشغيل الخاص بجهازك
بعد تعديل الرجستري
قم باعادة تشغيل الجهاز
قم بتشغيل برنامج مكافحة الفيروسات واذا لم يقم بتشغيل نفسه
قم بتحميل المف التالي وهو التحديث الذكي الخاص بازالة هذا الفيروس
http://securityresponse.symantec.co....html.لمستخدمين نظام وندوز 95 و 98 يقوم بالذهاب الىأبدأ ثم البرامج وبعد ذلك يقوم باختيار ايقونه
MS-DOSوبذلك راح تفتح لك شاشة الدوسبعد كذا انتقل للخطوة الثانية
اما لو كنت تستخدم نظام وندوز ملينيوم
اذهب الى ابدأ ثم برامج بعد ذلك برامج ملحقة ثم MS-DOSاما بخصوص مستخدمين وندوز ان تي و 2000فقم بالذهاب الى ابدأ ثم تشغيل واكتب
command
واضغط اوكي وبعدها راح تنفتح لك شاشة الدوسأكتب فيها الامر التالي
cd \winntثم انتقل للخطوة الثانيةلو كنت تستخدم وندوز اكس بي
فقم بالذهاب الى ابدأ ثم تشغيل واكتب
command
واضغط اوكي وبعدها راح تنفتح لك شاشة الدوسأكتب فيها الامر التالي
cd \windows
الخطوة الثانية قم بكتابة الأمر التاليcopy regedit.exe reg.comاضغط انتر
ثم اكتب الامر التالي
start reg.com
وأنتر
بعد اتمام هذه العملية عليك ان تقوم بتعديل الرجستري وذلك حسب الخطوات التالية
HKEY_LOCAL_MACHINE\Software\Classes\exef
ile\shell\open\commandروح على تشغيل
RUN
اكتب فيها
REGEDIT
واحظ ملف الرجستي القديم عشان اذا خبصت ما تروح وطي
وتحفظه بانك تروح لكلمة رجستري فوق وتقوله اكسبورت رجستري فايل وتحفظ الملف في مكان كويس وبعد كذا اختارHKEY_LOCAL_MACHINE
ثم
Software
بعد كذا
Classes
ثم
exefile
ثم
shell
ثم
open
ثم
command
وبعد كذا دبل كلك على كلمة ديفولت وغير القيمة الموجودة للقيمة هذه
"%1" %*
وهية
علامة تنصيص + علامة المئوية +رقم واحد + علامة تنصيص +مسافة + علامة مئوية +نجمةبالنسبة لوندوز 95 و 98 ووندوز ان تي راح تكون هذه القيمة موجودة اول ما تضغط على زر الاوكي وراح تظهر بهذا الشكل
""%1" %*"
نلاحظ علامة تنصيص زايدة وهذه ما راح تظهر لو كان نظام التشغيل
الوندوز 2000 والاكس بي
بعد كذا روح واتاكد من مجلدات الرجستري هذهHKEY_LOCAL_MACHINE\Software\Microsoft
\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Wi
ndows\CurrentVersion\RunServicesوبنفس الطريقة السابقة تقدر توصل لها
بعنيHKEY_LOCAL_MACHINE
ثم
Software\Microsoft
ثم
Windows
ثم
CurrentVersion
ثم
Run
وتتاكد اذامن حذف هذه القيم من الجهة اليمين
WinServices.exe C:\%System%\WinServices.exe
وبعد كذا تقوم باعادة تشغيل الجهاز

واسف للأطالة ................

وهذا الرابط المنقول منه الخبر

http://www.kw10.net/vb/showthread.ph...389#post154389

أخوكم
عالي الشان